PRINCE NANA MANUKURE
Philadelphia, PA *****
267-***-**** ad4swy@r.postjobfree.com
Professional Summary
Information Assurance Specialist with over 3 years of experience, specializing in information security, project development and management, and the Assessment & Authorization (A&A) process. Focused on enterprise security risk management, with extensive knowledge in risk assessment, implementing controls, vulnerability mitigation, and configuration management using industry-standard frameworks.
§ Familiar with federal security policies, standards, and guidelines including NIST 800 SPs such as 800-37, 800-53/53A rev 4, FIPS 199/200, FISMA, HIPAA, & FedRAMP.
§ Proficient in Risk Assessment, Risk Management Framework (RMF), Systems Development Life Cycle (SDLC) and Security Assessment and Authorization process (SA&A).
§ Experienced in developing ATO package documents such as SSPs, SARs, POA&Ms, Contingency Plans, Incident Response Plans, PIA, and Configuration Management Plans.
§ Skilled in communicating technical information to clients and non-technical personnel at all levels of the organization.
Work Experience
Information Security Analyst
Herran Associates, Philadelphia, PA 02/2021 to present.
§ Collaborate with Information System Security Officers to prepare Assessment and Authorization (A&A) packages using the six-step Risk Management Framework Process (RMF).
§ Develop and track corrective actions for the Plan of Action and Milestones (POA&M) of all accepted risks upon completion of Security Control Assessment (SCA) exercises, documented in the system security plan (SSP).
§ Create system security artifacts such as contingency plans (CP), incident response plans (IRP), privacy impact assessments (PIA), MOUs/ISAs and risk assessment (RA) documents for compliance with NIST 800 guidelines and agency’s security requirements.
§ Monitor controls post-authorization to ensure continuous compliance with security requirements, evaluate threats and vulnerabilities through Nessus scan results, and collaborate with IT staff on mitigation actions.
§ Develop and update Authorization to Operate (ATO) packages such as the SSPs, SAR and POA&Ms for information systems to ensure compliance with the organization’s information security requirements.
§ Conduct the ST&E Kick-off Meeting and populate the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A.
§ Review implementation statements and supporting evidence of security controls to determine if the systems are currently meeting the requirements and provide findings/suggested mitigations to stakeholders.
Global Communication, Ghana 02/2014 – 03/2019
System Support Analyst
§ Formulated and upheld updated security policies, protocols, and standards, ensuring streamlined and more efficient management of information system measures.
§ Identified issues and implemented solutions to facilitate the repair of diverse computer components (both hardware and software).
§ Documented the resolution process and conducted policy reviews to gauge the efficacy of the remedial measures.
§ Conducted manual antivirus scans on computers following notifications of security breaches.
§ Assisted in the comprehensive monitoring of operational computer systems across the organization.
§ Offered support for printer operation, software functionality, and peripheral devices while managing workstation services and assisting users with standard office tools and local applications.
Education
High School Diploma
Professional Certifications
§ Certified Information Security Manager (CISM)
§ CompTIA Security+ (S+)
§ Scrum Master Accredited Certification – (SCM)
§ Certified Governance, Risk and Compliance (CGRC) – In Progress
Skills
§ Risk Assessment & Management
§ Security Assessment & Authorization
§ POA&M Management
§ Authorization-To-Operate (ATO) Process
§ System Security Documentation
Technical Tools
• Governance, Risk, and Compliance (GRC), CSAM
• Vulnerability Assessment Tool (Nessus)
• Operating Systems, Windows Operating Systems
• Microsoft Suites, Word, Excel, PowerPoint